romtuck/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(skills): distinguish native vs external tool credential storage

Browse Source
This commit is contained in:
Trevin Chow 2026-01-28 12:06:49 -08:00 committed by Trevin Chow
parent 1faf9d2020
commit 1e0181c7cd
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
skills/skill-creator/SKILL.md
View File

@ -100,14 +100,17 @@ Files not intended to be loaded into context, but rather used within the output
#### Secrets & Credentials #### Secrets & Credentials
**NEVER hardcode secrets automatically**—only if user explicitly requests it. Scripts must look up secrets dynamically: config → env → error. **NEVER hardcode secrets automatically.** Look up secrets dynamically based on skill type:
**Clawdbot-native skills** (no external CLI): Use config → env → error:
```bash ```bash
VALUE=$(jq -r '.skills.entries["skill-name"].apiKey // empty' ~/.clawdbot/clawdbot.json) VALUE=$(jq -r '.skills.entries["skill-name"].apiKey // empty' ~/.clawdbot/clawdbot.json)
VALUE="${VALUE:-$SKILL_NAME_API_KEY}" VALUE="${VALUE:-$SKILL_NAME_API_KEY}"
[[ -z "$VALUE" ]] && echo "Error: Set skills.entries.skill-name.apiKey in config or SKILL_NAME_API_KEY env var" && exit 1 [[ -z "$VALUE" ]] && echo "Error: Set skills.entries.skill-name.apiKey in config or SKILL_NAME_API_KEY env var" && exit 1
``` ```
**Skills wrapping external tools**: Source from `~/.config/<tool>/` (XDG convention). If the tool works standalone without Clawdbot, its credentials belong outside Clawdbot's config.
#### What to Not Include in a Skill #### What to Not Include in a Skill
A skill should only contain essential files that directly support its functionality. Do NOT create extraneous documentation or auxiliary files, including: A skill should only contain essential files that directly support its functionality. Do NOT create extraneous documentation or auxiliary files, including: